Better Auth•2w ago

Rate limit forgot password (password reset email)

I'm able to send multiple password reset emails in rapid succession. I've tried setting a rate limit but am unclear what I need to enter in the custom function - nothing seems to work. Example:

rateLimit: {
    window: 60, // time window in seconds
    max: 100, // max requests in the window
    customRules: {
      "/forget-password/*": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },
  },

rateLimit: {
    window: 60, // time window in seconds
    max: 100, // max requests in the window
    customRules: {
      "/forget-password/*": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },
  },

Any help on what I'm supposed to put in place of /forget-password/*? I've tried several permutations of it. Thanks for the help!

Solution:

Figured it out. It's this: ``` customRules: { "/forget-password": async (request) => {...

Jump to solution

1 Reply

Solution

imonaboat•2w ago

Figured it out. It's this:

customRules: {
      "/forget-password": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },

customRules: {
      "/forget-password": async (request) => {
        return {
          window: 30,
          max: 1,
        }
      }
    },

and it only works when running in prod - not in dev

Gaming

Programming

Rate limit forgot password (password reset email)

Did you find this page helpful?